SHA256: c75789db57d47b9b385b30628a9911f28ca903c7abd5cc3f2ca007720be7677c
File name: crypted120med.exe
Detection ratio: 2 / 55
Analysis date: 2016-02-22 14:11:17 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20160222
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160222
Ad-Aware 20160222
AegisLab 20160222
Yandex 20160221
AhnLab-V3 20160222
Alibaba 20160222
ALYac 20160222
Antiy-AVL 20160222
Arcabit 20160222
Avast 20160222
AVG 20160222
Avira (no cloud) 20160222
AVware 20160222
Baidu-International 20160221
BitDefender 20160222
Bkav 20160222
ByteHero 20160222
CAT-QuickHeal 20160222
ClamAV 20160222
CMC 20160222
Comodo 20160222
Cyren 20160222
DrWeb 20160222
Emsisoft 20160222
ESET-NOD32 20160222
F-Prot 20160221
F-Secure 20160222
Fortinet 20160222
GData 20160222
Ikarus 20160222
Jiangmin 20160222
K7AntiVirus 20160222
K7GW 20160222
Malwarebytes 20160222
McAfee 20160222
McAfee-GW-Edition 20160222
Microsoft 20160222
eScan 20160222
NANO-Antivirus 20160222
nProtect 20160222
Panda 20160221
Rising 20160222
Sophos AV 20160222
SUPERAntiSpyware 20160222
Symantec 20160221
Tencent 20160222
TheHacker 20160217
TrendMicro 20160222
TrendMicro-HouseCall 20160222
VBA32 20160222
VIPRE 20160222
ViRobot 20160222
Zillya 20160222
Zoner 20160222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-04-12 17:07:50
Entry Point 0x0003BF9C
Number of sections 4
PE sections
PE imports
SetServiceObjectSecurity
CreateProcessAsUserA
GetServiceDisplayNameA
GetServiceKeyNameA
FlatSB_ShowScrollBar
CreateToolbarEx
FlatSB_GetScrollRange
DestroyPropertySheetPage
ImageList_BeginDrag
ImageList_DragMove
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Remove
FlatSB_GetScrollProp
ImageList_Merge
Ord(6)
ImageList_DrawEx
ImageList_GetBkColor
ImageList_EndDrag
FlatSB_GetScrollInfo
Ord(2)
FlatSB_SetScrollPos
CreatePropertySheetPageA
ImageList_LoadImageA
ImageList_Add
SymGetSymFromAddr
SymEnumerateSymbols
ImageUnload
ImageNtHeader
RemovePrivateCvSymbolic
UnmapDebugInformation
SymGetSearchPath
SymGetOptions
UnMapAndLoad
SymEnumerateModules
ImageRvaToVa
FindExecutableImage
SearchTreeForFile
ImageEnumerateCertificates
MakeSureDirectoryPathExists
RemoveRelocations
GetImageConfigInformation
ImagehlpApiVersion
BindImage
SymCleanup
FindDebugInfoFile
BindImageEx
ImageGetCertificateData
GetStartupInfoA
GetStringTypeA
GetModuleHandleA
WNetCancelConnectionA
WNetConnectionDialog1A
WNetUseConnectionA
MultinetGetConnectionPerformanceA
WNetDisconnectDialog
WNetConnectionDialog
WNetAddConnectionA
WNetAddConnection2A
WNetAddConnection3A
WNetCancelConnection2A
WNetDisconnectDialog1A
__p__fmode
tanh
_acmdln
ldiv
__p__commode
__setusermatherr
scanf
__initenv
fputwc
_controlfp
__p___argv
_adjust_fdiv
__set_app_type
VarDecFromUI4
VarBoolFromR8
VarDecFromUI1
VarDecFromUI2
SysStringByteLen
VarBoolFromR4
VarMul
VarDecFromStr
VarCyCmp
SysAllocString
LPSAFEARRAY_UserUnmarshal
SafeArrayCreate
VarCyFromI4
BSTR_UserFree
VarUI4FromI2
VarI4FromI2
SafeArrayGetElemsize
VarImp
VarBoolFromI2
GetActiveObject
SafeArrayAccessData
SafeArrayGetLBound
VarUI1FromUI4
VarXor
LPSAFEARRAY_UserMarshal
VarUI2FromDate
VarR8FromDisp
VarI1FromUI1
SafeArrayAllocDescriptorEx
VarI1FromUI4
LoadTypeLibEx
VarR8FromI1
VarR8FromI4
SafeArrayLock
VARIANT_UserFree
VarCyNeg
VarI1FromI4
SafeArrayPtrOfIndex
VarCySub
SafeArraySetRecordInfo
VarDecRound
DispGetParam
BSTR_UserUnmarshal
OleLoadPictureEx
VariantTimeToSystemTime
VarDecFromDate
SafeArrayCopy
GetRecordInfoFromTypeInfo
VarI2FromDisp
VarDateFromUdate
VarFormatDateTime
SystemTimeToVariantTime
OleSavePictureFile
VarUI1FromI1
VarUI1FromI2
VarUI1FromI4
VarBstrFromDisp
VarI2FromDec
VarDecFromR4
SysReAllocString
VarUI4FromR8
VarDateFromStr
VarCat
VarCyFromDate
OleLoadPicturePath
SafeArrayPutElement
VarDecFromI4
VarI4FromI1
VarI4FromR4
VarI2FromR4
VarCyFix
VarI4FromR8
VarI2FromR8
VarUI2FromUI4
VarFormat
VarBoolFromDisp
VarUI2FromUI1
SafeArraySetIID
VarDateFromBool
VarI1FromDec
VariantInit
VarUI4FromDisp
VarR4FromUI1
VarDateFromR4
VarCyCmpR8
VarDecInt
VarDateFromR8
VarI1FromBool
VarCyFromI1
SysReAllocStringLen
VarCyMulI4
VarBoolFromUI1
SafeArrayGetUBound
VarCyFromDec
VarCyFromI2
VarR4FromCy
SysFreeString
SysAllocStringByteLen
VarFormatFromTokens
VarInt
VarR4CmpR8
VarR8FromDate
CreateDispTypeInfo
VarCyAbs
VarR4FromDec
VarR4FromBool
VarDecFix
VARIANT_UserMarshal
SafeArrayGetVartype
SafeArrayGetRecordInfo
VarDecMul
DispGetIDsOfNames
VarI4FromBool
SysAllocStringLen
VarR4FromDate
VarDecAbs
VarCyFromDisp
VarR8FromDec
RegisterActiveObject
VarI1FromDisp
VarCyFromBool
VarUI2FromStr
VarUI1FromDisp
VarI4FromDisp
VarCyFromR4
VariantTimeToDosDateTime
OleLoadPictureFileEx
VarI2FromDate
VarR4FromI4
VarR4FromI1
VarR8Pow
VarR4FromI2
VarFormatCurrency
VarI2FromStr
CreateTypeLib
VarBoolFromI4
VarI2FromBool
SafeArrayGetIID
VarBoolFromI1
SafeArrayAllocData
SafeArrayDestroyDescriptor
VarBstrFromI1
UnRegisterTypeLib
VarUI2FromBool
SafeArrayUnaccessData
VariantCopyInd
VarUI2FromI1
SafeArrayDestroy
VarBoolFromStr
VarI1FromUI2
OaBuildVersion
LoadTypeLib
VarDecFromBool
VarPow
LoadRegTypeLib
VarAbs
VarAnd
VarWeekdayName
VarNeg
VarBoolFromDec
VarCyAdd
VarR8FromStr
VarBoolFromDate
VarMod
VarCyFromStr
SafeArrayCopyData
VarDecCmp
VarMonthName
VarUI4FromStr
LHashValOfNameSys
RevokeActiveObject
LHashValOfNameSysA
SafeArrayAllocDescriptor
OleLoadPictureFile
VarI2FromUI1
VarI2FromUI2
VariantCopy
VarI2FromUI4
VarI4FromDec
VarCyInt
SafeArrayGetDim
VarR4FromR8
VarI4FromUI1
VarBstrFromR8
SysStringLen
VarBstrFromDec
VarEqv
SafeArrayDestroyData
VarDateFromDisp
VarR8FromR4
VarUI1FromCy
VarDecNeg
VarUI1FromStr
VarUI4FromUI2
VARIANT_UserUnmarshal
VarCyFromUI4
VarCyFromUI2
VarCyFromUI1
VariantChangeTypeEx
VarUI2FromR4
VarBstrFromDate
VarBstrFromUI1
VarBstrFromUI2
VarBstrFromUI4
VarDecFromCy
VarI1FromCy
VarUI2FromR8
VarDateFromI1
SafeArrayUnlock
VarDecCmpR8
VarDateFromI4
VarIdiv
CreateTypeLib2
SafeArrayCreateEx
VarR4FromStr
VarR8FromUI2
VarI1FromDate
VarR8FromUI4
VarBstrCat
SafeArrayGetElement
VarUI2FromDec
VarUI2FromI2
VarBstrFromCy
VarBoolFromCy
VarBoolFromUI2
VarBoolFromUI4
VectorFromBstr
VarR4FromUI4
BstrFromVector
VarR4FromUI2
VarI4FromUI2
BSTR_UserSize
VarDecAdd
VarRound
VarAdd
VarUI1FromR8
VarUI4FromCy
LPSAFEARRAY_UserSize
VarNot
VarR8FromCy
VARIANT_UserSize
VarUI1FromR4
VarFormatPercent
VariantClear
VarUI2FromCy
VarDiv
GetAltMonthNames
VarR8FromBool
VarI1FromStr
CreateStdDispatch
VarDateFromUI4
VarDateFromUI1
LPSAFEARRAY_UserFree
VarDateFromUI2
RasGetConnectStatusA
PrintDlgA
GetFileTitleA
ReplaceTextA
FindTextA
CommDlgExtendedError
GetOpenFileNameW
ChooseFontW
PageSetupDlgA
GetOpenFileNameA
FindTextW
ReplaceTextW
PrintDlgW
GetSaveFileNameA
ChooseFontA
Number of PE resources by type
RT_MENU 8
RT_ACCELERATOR 2
RT_RCDATA 1
RT_BITMAP 1
RT_VERSION 1
Kj82OU 1
Number of PE resources by language
CHINESE MACAU 14
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.0
ImageVersion 0.0
FileVersionNumber 0.149.166.114
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 163840
EntryPoint 0x3bf9c
OriginalFileName Prick.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2010
FileVersion 114, 101, 25, 109
TimeStamp 2007:04:12 18:07:50+01:00
FileType Win32 EXE
PEType PE32
InternalName Reactivated
ProductVersion 27, 113, 165, 177
FileDescription Scrutiny
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Elcomsoft Co. Ltd.
CodeSize 245760
FileSubtype 0
ProductVersionNumber 0.206.13.209
FileTypeExtension exe
ObjectFileType Executable application

PCAP parents
File identification
MD5 ab65984f0597c947fcdc127f66c10b69
SHA1 2bc61c21bc3b0b1cb644b655d182ce3e30c9b84f
SHA256 c75789db57d47b9b385b30628a9911f28ca903c7abd5cc3f2ca007720be7677c
ssdeep 6144:iAwT9+ApEiHUdm3Om1JqjSiYe+6ga5TUsSKN8nUg9j7:XKtMMJqjSiYetaC9gt7
authentihash 0b0c7b25c6879ec5f9004c92e0494b893ce3988455aa42a622a046b8b91ace28
imphash 088497f643268a8de9529e8d7ee8e012
File size 300.0 KB ( 307200 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2016-02-22 13:46:39 UTC ( 3 years, 2 months ago )
Last submission 2016-09-12 08:27:10 UTC ( 2 years, 7 months ago )
File names kokoko.exe
kokoko.exe
crypted120med.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications